Denial-of-Service Vulnerability in libsoup HTTP Library by GNOME
CVE-2025-4948
Key Information:
- Vendor
Red Hat
- Status
- Vendor
- CVE Published:
- 19 May 2025
What is CVE-2025-4948?
A vulnerability exists in the libsoup HTTP library's soup_multipart_new_from_message()
function, utilized by GNOME and other applications for handling web communications. This flaw arises from improper validation when processing specially crafted multipart messages. The resulting integer underflow can lead to invalid memory access, causing affected applications or servers to crash unexpectedly. Thus, any application relying on libsoup is at risk of experiencing a denial-of-service, which may disrupt service availability and user access.
Affected Version(s)
Red Hat Enterprise Linux 10 0:3.6.5-3.el10_0.6
Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.62.2-6.el7_9
Red Hat Enterprise Linux 8 0:2.62.3-9.el8_10
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved